🔶 Interactive AWS NAT Gateway
An interactive blog post exploring how AWS NAT Gateway works.
https://malithr.com/aws/natgateway/
#aws
An interactive blog post exploring how AWS NAT Gateway works.
https://malithr.com/aws/natgateway/
#aws
👍2❤1🔥1
🔴 Introducing protection summary, a new Google Cloud Backup and DR feature
Google Cloud Backup and DR's protection summary offers a centralized view of data protection configuration, identifying gaps and improving resilience.
https://cloud.google.com/blog/products/storage-data-transfer/google-cloud-backup-and-dr-protection-summary/
#gcp
Google Cloud Backup and DR's protection summary offers a centralized view of data protection configuration, identifying gaps and improving resilience.
https://cloud.google.com/blog/products/storage-data-transfer/google-cloud-backup-and-dr-protection-summary/
#gcp
❤1👍1🔥1
🔶 Effectively implementing resource control policies in a multi-account environment
Post demonstrating how RCPs can help improve your security posture while allowing even more freedom to developers in managing their resources, thus reducing friction between central security and application teams.
https://aws.amazon.com/ru/blogs/security/effectively-implementing-resource-controls-policies-in-a-multi-account-environment/
(Use VPN to open from Russia)
#aws
Post demonstrating how RCPs can help improve your security posture while allowing even more freedom to developers in managing their resources, thus reducing friction between central security and application teams.
https://aws.amazon.com/ru/blogs/security/effectively-implementing-resource-controls-policies-in-a-multi-account-environment/
(Use VPN to open from Russia)
#aws
❤2👍1🔥1
🔶 How does Sendbird secure AWS?
How Sendbird matured its AWS security posture, empowering developers to deploy in a way that's both user-friendly and secure.
https://sendbird.com/blog/aws-security
#aws
How Sendbird matured its AWS security posture, empowering developers to deploy in a way that's both user-friendly and secure.
https://sendbird.com/blog/aws-security
#aws
❤2👍1🔥1
This media is not supported in your browser
VIEW IN TELEGRAM
🔴 ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
The vulnerability could have allowed to abuse Google Cloud Run permissions in order to pull private Google Artifact Registry and Google Container Registry images in the same account.
https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run
(Use VPN to open from Russia)
#gcp
The vulnerability could have allowed to abuse Google Cloud Run permissions in order to pull private Google Artifact Registry and Google Container Registry images in the same account.
https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run
(Use VPN to open from Russia)
#gcp
❤1👍1🔥1
🔶 Invoking Misconfigured API Gateways from Any External AWS Accounts
Did you know a misconfigured private API Gateway can be invoked from any AWS account?
https://www.offensai.com/blog/invoking-misconfigured-api-gateways-from-external-aws-accounts
(Use VPN to open from Russia)
#aws
Did you know a misconfigured private API Gateway can be invoked from any AWS account?
https://www.offensai.com/blog/invoking-misconfigured-api-gateways-from-external-aws-accounts
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Planning for your IAM Roles Anywhere deployment
Before you start using IAM Roles Anywhere, it's important to plan how you'll integrate it with your PKI and with your applications running outside of AWS.
https://aws.amazon.com/ru/blogs/security/planning-for-your-iam-roles-anywhere-deployment/
(Use VPN to open from Russia)
#aws
Before you start using IAM Roles Anywhere, it's important to plan how you'll integrate it with your PKI and with your applications running outside of AWS.
https://aws.amazon.com/ru/blogs/security/planning-for-your-iam-roles-anywhere-deployment/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Handling Network Throttling with AWS EC2 at Pinterest
Post discussing Pinterest's experiences in identifying the challenges associated with EC2 network throttling, as well as how they developed network performance monitoring for their EC2 fleet.
https://medium.com/@Pinterest_Engineering/handling-network-throttling-with-aws-ec2-at-pinterest-fda0efc21083
(Use VPN to open from Russia)
#aws
Post discussing Pinterest's experiences in identifying the challenges associated with EC2 network throttling, as well as how they developed network performance monitoring for their EC2 fleet.
https://medium.com/@Pinterest_Engineering/handling-network-throttling-with-aws-ec2-at-pinterest-fda0efc21083
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
🔴 Introducing Google Unified Security
Google introduced Unified Security, a new security solution that combines Google Cloud's security products with Mandiant's expertise to provide a comprehensive approach to threat intelligence, security operations, cloud security, and secure enterprise browsing.
https://cloud.google.com/blog/products/identity-security/driving-secure-innovation-with-ai-google-unified-security-next25/
#gcp
Google introduced Unified Security, a new security solution that combines Google Cloud's security products with Mandiant's expertise to provide a comprehensive approach to threat intelligence, security operations, cloud security, and secure enterprise browsing.
https://cloud.google.com/blog/products/identity-security/driving-secure-innovation-with-ai-google-unified-security-next25/
#gcp
❤1👍1🔥1
🔴 Cloud WAN: Connect your global enterprise with a network built for the AI era
Cloud WAN is a fully managed, reliable, and secure enterprise backbone to transform enterprise wide area network (WAN) architectures.
https://cloud.google.com/blog/products/networking/connect-globally-with-cloud-wan-for-the-ai-era/
#gcp
Cloud WAN is a fully managed, reliable, and secure enterprise backbone to transform enterprise wide area network (WAN) architectures.
https://cloud.google.com/blog/products/networking/connect-globally-with-cloud-wan-for-the-ai-era/
#gcp
👍2❤1🔥1
🔶 Automating AWS Private CA audit reports and certificate expiration alerts
Guide through a custom automation workflow that harnesses AWS Private CA audit reports to monitor certificate expirations proactively.
https://aws.amazon.com/ru/blogs/security/automating-aws-private-ca-audit-reports-and-certificate-expiration-alerts/
(Use VPN to open from Russia)
#aws
Guide through a custom automation workflow that harnesses AWS Private CA audit reports to monitor certificate expirations proactively.
https://aws.amazon.com/ru/blogs/security/automating-aws-private-ca-audit-reports-and-certificate-expiration-alerts/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 How to use the new CloudTrail network activity events for AWS VPC Endpoints
How AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
https://www.wiz.io/blog/aws-vpc-endpoint-cloudtrail
#aws
How AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
https://www.wiz.io/blog/aws-vpc-endpoint-cloudtrail
#aws
❤1👍1🔥1
🔶 IAM Role Trust Policies: Misconfigurations Hiding in Plain Sight
Even small misconfigurations in role trust policies can unintentionally create critical privilege escalation risks in AWS, such as allowing low-privileged users to assume admin roles.
https://www.token.security/blog/iam-role-trust-policies-misconfigurations-hiding-in-plain-sight
#aws
Even small misconfigurations in role trust policies can unintentionally create critical privilege escalation risks in AWS, such as allowing low-privileged users to assume admin roles.
https://www.token.security/blog/iam-role-trust-policies-misconfigurations-hiding-in-plain-sight
#aws
❤1👍1🔥1
🔶 AWS SNS Abuse: Data Exfiltration and Phishing
Post diving into publicly known SNS abuse attempts and Elastic's knowledge of the data source to develop detection capabilities.
https://www.elastic.co/security-labs/aws-sns-abuse
#aws
Post diving into publicly known SNS abuse attempts and Elastic's knowledge of the data source to develop detection capabilities.
https://www.elastic.co/security-labs/aws-sns-abuse
#aws
❤2👍1🔥1
🔶 Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation
A Path Traversal vulnerability found in the AWS Systems Manager (SSM) Agent, specifically within the ValidatePluginId function of the pluginutil.go file.
https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/
#aws
A Path Traversal vulnerability found in the AWS Systems Manager (SSM) Agent, specifically within the ValidatePluginId function of the pluginutil.go file.
https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/
#aws
👍2❤1🔥1
🔶 Gaining Long-Term AWS Access with CodeBuild and GitHub
Another example of how attackers can abuse legitimate AWS services for persistence.
https://medium.com/@adan.alvarez/gaining-long-term-aws-access-with-codebuild-and-github-873324638784
#aws
Another example of how attackers can abuse legitimate AWS services for persistence.
https://medium.com/@adan.alvarez/gaining-long-term-aws-access-with-codebuild-and-github-873324638784
#aws
👍2❤1🔥1
🔶 Secure Cross-Account Access is Tricky. Four Common Dangerous Misconceptions
Post diving into cross-account trust policies, explaining four major misconceptions repeatedly seen in organizations, which often lead to the creation of cross-account trust paths from less secure accounts to more sensitive accounts.
https://www.token.security/blog/secure-cross-account-access-is-tricky-four-common-dangerous-misconceptions
#aws
Post diving into cross-account trust policies, explaining four major misconceptions repeatedly seen in organizations, which often lead to the creation of cross-account trust paths from less secure accounts to more sensitive accounts.
https://www.token.security/blog/secure-cross-account-access-is-tricky-four-common-dangerous-misconceptions
#aws
❤1👍1🔥1
🔶🔷🔴 Threat Modelling Cloud Service Providers in 2025
With the US Government acting in an erratic and hostile manner towards its traditional allies, it makes sense for companies not typically subject to US Jurisdiction to reconsider their threat models when using the big three cloud providers. All of them are US-based companies, and all three conduct a substantial amount of business with the US Government.
https://www.chrisfarris.com/post/threat-model-2025/
#aws #azure #gcp
With the US Government acting in an erratic and hostile manner towards its traditional allies, it makes sense for companies not typically subject to US Jurisdiction to reconsider their threat models when using the big three cloud providers. All of them are US-based companies, and all three conduct a substantial amount of business with the US Government.
https://www.chrisfarris.com/post/threat-model-2025/
#aws #azure #gcp
👍2❤1🔥1
Microsoft released and updated the threat matrix for Kubernetes, an active knowledge base for security threats that target Kubernetes clusters, to systematically map the attack surface of Kubernetes.
https://www.microsoft.com/en-us/security/blog/2025/04/23/understanding-the-threat-landscape-for-kubernetes-and-containerized-assets/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3❤1🔥1
🔴 MCP Toolbox for Databases: Simplify AI Agent Access to Enterprise Data
Learn how MCP Toolbox for Databases can help you deliver secure and standardized ways to have your agents communicate with one another and access enterprise data.
https://cloud.google.com/blog/products/ai-machine-learning/mcp-toolbox-for-databases-now-supports-model-context-protocol/
#gcp
Learn how MCP Toolbox for Databases can help you deliver secure and standardized ways to have your agents communicate with one another and access enterprise data.
https://cloud.google.com/blog/products/ai-machine-learning/mcp-toolbox-for-databases-now-supports-model-context-protocol/
#gcp
❤1👍1🔥1
🔶 How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront
How to help prevent hotlinking by using header inspection in AWS WAF, while still taking advantage of the improved user experience from a CDN such as CloudFront.
https://aws.amazon.com/ru/blogs/security/how-to-prevent-hotlinking-by-using-aws-waf-amazon-cloudfront-and-referer-checking/
(Use VPN to open from Russia)
#aws
How to help prevent hotlinking by using header inspection in AWS WAF, while still taking advantage of the improved user experience from a CDN such as CloudFront.
https://aws.amazon.com/ru/blogs/security/how-to-prevent-hotlinking-by-using-aws-waf-amazon-cloudfront-and-referer-checking/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1